I am saving some images/objects in aws s3 bucket from my application. First i am getting signed url from nodejs service api and uploading images or files to singed url using jquery ajax. I can open image or object using the link provided in the properties (https://s3.amazonaws.com/bucketname/objectname).
我正在从我的应用程序中保存aws s3存储桶中的一些图像/对象。首先,我从nodejs服务api获取签名URL,并使用jquery ajax将图像或文件上传到singed url。我可以使用属性中提供的链接打开图像或对象(https://s3.amazonaws.com/bucketname/objectname)。
I want to provide security for each uploaded object. Even by chance if any anonymous user gets the link (https://s3.amazonaws.com/bucketname/objectname) somewhere he should not be able to open it. They (objects) should be accessed and open only cases like when request has some headers key values etc. I tried server side encryption by specifying header key values in request as shown below.
我想为每个上传的对象提供安全性。即使有任何匿名用户在某处获得链接(https://s3.amazonaws.com/bucketname/objectname),他也应该无法打开它。应该访问它们(对象)并仅打开例如请求具有一些标题键值等的情况。我通过在请求中指定标题键值来尝试服务器端加密,如下所示。
var file = document.getElementById('fileupload').files[0];
$.ajax({
url: signedurl,
type: "PUT",
data: file,
header:{'x-amz-server-side-encryption':'AES256'},
contentType: file.type,
processData: false,
success: function (result) {
var res = result;
},
error: function (error) {
alert(error);
}
Doesn't sever side encryption keep encrypted object on s3 bucket storage? Does it only encrypts while transferring and decrypts before saving on s3 storage?
不加密端加密保留s3存储桶上的加密对象吗?在保存s3存储之前,它是否仅在传输和解密时加密?
If it stores encrypted object on s3 storage then how can i open it using the link shown in properties.
如果它将加密对象存储在s3存储上,那么如何使用属性中显示的链接打开它。
1 个解决方案
#1
1
Server-Side Encryption (SSE) in Amazon S3 encrypts objects at rest (stored on disk) but decrypts objects when they are retrieved. Therefore, it is a transparent form of encryption.
Amazon S3中的服务器端加密(SSE)会加密静态对象(存储在磁盘上),但会在检索对象时对其进行解密。因此,它是一种透明的加密形式。
If you wish to keep objects in Amazon S3 private, but make them available to specific authorized users, I would recommend using Pre-Signed URLs.
如果您希望将Amazon S3中的对象保密,但将其提供给特定的授权用户,我建议您使用预签名URL。
This works by having your application generate a URL that provides time-limited access to a specific object in Amazon S3. The objects are otherwise kept private so they are not accessible.
这可以通过让您的应用程序生成一个URL来提供对Amazon S3中特定对象的时间限制访问来实现。否则,对象将保密,因此无法访问它们。
See documentation: Share an Object with Others
请参阅文档:与他人共享对象
#1
1
Server-Side Encryption (SSE) in Amazon S3 encrypts objects at rest (stored on disk) but decrypts objects when they are retrieved. Therefore, it is a transparent form of encryption.
Amazon S3中的服务器端加密(SSE)会加密静态对象(存储在磁盘上),但会在检索对象时对其进行解密。因此,它是一种透明的加密形式。
If you wish to keep objects in Amazon S3 private, but make them available to specific authorized users, I would recommend using Pre-Signed URLs.
如果您希望将Amazon S3中的对象保密,但将其提供给特定的授权用户,我建议您使用预签名URL。
This works by having your application generate a URL that provides time-limited access to a specific object in Amazon S3. The objects are otherwise kept private so they are not accessible.
这可以通过让您的应用程序生成一个URL来提供对Amazon S3中特定对象的时间限制访问来实现。否则,对象将保密,因此无法访问它们。
See documentation: Share an Object with Others
请参阅文档:与他人共享对象